[Bug 339073] New: restricted shell rbash usage is broken in 10.3
https://bugzilla.novell.com/show_bug.cgi?id=339073

Summary: restricted shell rbash usage is broken in 10.3
Product: openSUSE 10.3
Version: Final
Platform: Other
OS/Version: openSUSE 10.3
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: robin.listas@telefonica.net
QAContact: qa@suse.de
Found By: ---

First, Yast user management (gnome style) does not offer rbash in the drop list. If I manually type "/bin/rbash", it doesn't work because it is "/usr/bin/rbash" instead. Plus, yast warns that the chosen shell does not exist (when it does) and the user will fail.

Ignoring this and creating the new user produces a user that can't run anything: not because the shell is wrong, but because the user gets the wrong path:

    PATH=/usr/lib/restricted/bin

When typing any command, I get:

    cer3@nimrodel:~> ls
    -rbash: ls: command not found
    cer3@nimrodel:~>

/etc/passwd entry is:

    cer3:x:2000:100:Carlos E. R. M.,testing user:/home/cer3:/usr/bin/rbash

I file this as a security bug because I consider rbash a security feature, and being forced to use a normal shell is a security risk.

This system was updated to 10.3 from 10.2 (boxed set I got as a "present" from you for collaboration with beta testing).
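The two conditions in the report above (a login shell path that may not exist, and a restricted PATH directory with nothing runnable in it) can be checked together. This is an added example, not part of the original bug report or of any SUSE tool; the function names and the ROOT prefix argument are hypothetical, and the demo tree is constructed.

```shell
#!/bin/sh
# check_rbash_account PASSWD_LINE RESTRICTED_DIR [ROOT]
# ROOT is a hypothetical path prefix so the check can run against a test tree.
# Returns 0 when the account is usable, 1 otherwise; prints each problem found.
check_rbash_account() {
    entry=$1 rdir=$2 root=${3:-}
    user=${entry%%:*}      # first passwd field
    shell=${entry##*:}     # last passwd field (login shell)
    status=ok
    # The login shell named in passwd must exist and be executable.
    if [ ! -x "$root$shell" ]; then
        echo "$user: login shell $shell is missing or not executable"
        status=broken
    fi
    # The restricted PATH directory must hold at least one executable,
    # otherwise every command ends in "command not found".
    if [ ! -d "$root$rdir" ]; then
        echo "$user: restricted PATH directory $rdir does not exist"
        status=broken
    else
        count=0
        for f in "$root$rdir"/*; do
            [ -f "$f" ] && [ -x "$f" ] && count=$((count + 1))
        done
        if [ "$count" -eq 0 ]; then
            echo "$user: $rdir contains no executables"
            status=broken
        fi
    fi
    [ "$status" = ok ]
}

# Constructed reproduction of the reported state: rbash present, PATH dir empty.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/usr/lib/restricted/bin"
    : > "$root/usr/bin/rbash"; chmod +x "$root/usr/bin/rbash"
    entry='cer3:x:2000:100:Carlos E. R. M.,testing user:/home/cer3:/usr/bin/rbash'
    check_rbash_account "$entry" /usr/lib/restricted/bin "$root"
    rc=$?
    rm -rf "$root"
    return $rc
}

demo || true
```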
https://bugzilla.novell.com/show_bug.cgi?id=339073#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c2
Carlos Robinson
https://bugzilla.novell.com/show_bug.cgi?id=339073
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c4
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c5
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c6
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c7
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=339073#c8
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=339073#c9
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=339073#c10
Ludwig Nussel